This blog provides step by step guide to move Highly Available (HA) File share for SAP Applications (S/4 HANA OR SAP NetWeaver ABAP/JAVA) in Windows environment from SOFS Cluster to Azure Files SMB (Premium). This solution is useful for existing SAP deployments in Azure and like to migrate to Azure Files SMB.
SOFS Cluster is an IaaS based deployment in which we need to deploy VMs and Azure Storage then configure SOFS Cluster for File Share. As with IaaS based solution, effort for maintenance could be a limiting factor.
Azure File SMB (Premium) is a PaaS based solution for HA File Share for SAP Application environment. It is available in LRS & ZRS type which can be chosen based on the deployment design for specific customer environments. Azure Backup can be used to backup the Azure Files SMB. For DR / cross region replication of Azure Files SMB, we can synchronize the data to another Azure Files SMB in DR region based on this link and point the DR SAP systems to the local(DR region) Azure Files SMB.
This blog can also be used for moving 'sapmnt' and 'trans' from any other File share solution to Azure Files SMB.
Note : Though SAP installation through SAP SWPM using Azure Files SMB(AFS) does not work properly as of July 2021, we did receive many questions from customers who wanted to move their existing SAP file shares from SMB shares on SOFS to SMB on Azure Premium Files. Therefore, we invested into the procedure described in this article. We are working with SAP and AFS development to make sure that SAP SWPM can work against SMB on AFS in the future as well.
Azure File Share authenticates based on users in Azure AD. We need to synchronize SAP specific operating system users & groups in AD DS to Azure AD using Azure AD Connect. Users for SAP system like ‘<sid>adm’, ‘SAPService<SID>’ and Group ‘SAP_<SID>_GlobalAdmin’ needs to be replicated to Azure AD.
Register your storage account with AD DS and then set the required domain properties on the storage account. Refer the link for more details.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
cd <path of unzip location of AzFilesHybrid>
.\CopyToPSPath.ps1
Import-Module -Name AzFilesHybrid
Connect-AzAccount
$SubscriptionId = "<subscriptionId>"
$ResourceGroupName = "<resource group name of Azure Files>"
$StorageAccountName = "<storage account name>"
$DomainAccountType = "ComputerAccount"
$EncryptionType = "AES256,RC4"
Select-AzSubscription -SubscriptionId $SubscriptionId
Join-AzStorageAccountForAuth `
-ResourceGroupName $ResourceGroupName `
-StorageAccountName $StorageAccountName `
-DomainAccountType $DomainAccountType `
-EncryptionType $EncryptionType
Users : <sid>adm, SAPService<SID>
Group : SAP_<SID>_GlobalAdmin
RBAC Role : Storage File Data SMB Share Elevated Contributor
Roles for the users are assigned in the “Access Control(IAM)” of Fileshare.
robocopy \\sapglobal\sapmnt \\<Azurefiles_storageaccountname>.file.core.windows.net\sapmnt /e /mir /ia:RASHCNETO /mot:5 /mt:16 /z /v /log:robocopy_sapmnt.log
SAPGLOBALHOST = azfilessmbpr1.file.core.windows.net
In Addition, add the below parameter in the DEFAULT.PFL. Value of the parameter should be same as in parameter SAPGLOBALHOST.
SAPGLOBALHOSTFULL = < Azurefiles_storageaccountname >.file.core.windows.net
SAPGLOBALHOST = < Azurefiles_storageaccountname >.file.core.windows.net
Login as <sid>adm and Open command prompt as administrator
cd C:\usr\sap\PR1\ASCS00
mklink /d data \\azfilessmbpr1.file.core.windows.net\sapmnt\PR1\ASCS00\data
Repeat the steps for changing ‘log’ and ‘sec’ symbolic links.
cd C:\usr\sap\PR1
mklink /d SYS \\azfilessmbpr1.file.core.windows.net\sapmnt\PR1\SYS
Note : Rename the existing symbolic links before creating new links.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.